[Prev][Next][Index][Thread]
Re: Perl Co-inventor Convicted
I received this via a many-forwarded email, and am reposting including
the commentary from the original commentator.
Steve
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Reprinted without permission from the Oregonian, July 26, 1995, pages
D1, D5 for the purposes of commentary.
By Fiona M. Ortiz, of the Oregonian Staff
HILLSBORO -- Randal L. Schwartz has always known he was smart. What he
has had trouble grasping is that a person can be too smart for his own
good.
Schwartz, 33, was earning $45 an hour as a contractor for Intel in
October 1993 when he got caught cracking computer passwords in a
system he was not authorized to access.
Schwartz told jurors he was only trying to help point out security
flaws. His lawyer insisted throughout the 2 1/2 week trial that
Schwartz hacked because he could, not because he meant any harm.
But after closing arguments Tuesday, the Washington County Circuit
Court jury found the Cedar Hills consultant guilty of three charges of
computer crime. He wept and left the courtroom facing a potential jail
term and $60,000 in restitution to Intel.
Schwartz's case was Washinton County's first computer-crime trial and
meant a crash course in computerese for everyone in the courtroom. In
the end, jurors were swayed more by the letter of Oregon's
computer-crime law than the ``no harm, no foul'' defense of Schwartz's
computer-hacker world.
Schwartz was a computer whiz kid and social misfit before he became
part of the computer programming subculture.
By age 9, at an elementary school in Gladstone, he knew he wanted to work
with computers. By age 16, he was working full time for Tektronix. He set
up his own consulting firm in 1985.
His world was not the sensationalized subculture of young cyberpunks who
use drugs and try to break into military computers. Schwartz's milieu
was more of an academic subculture, where the computer cognoscenti talk
of ``elegant solutions'' and wear their brains on their sleeves.
Even his defense lawyer, Marc A. Sussman, asked jurors not to judge
Schwartz's sometimes ``irritating or arrogant'' personality. That
arrogance, prosecutor Thomas J. Tintera told the jury, that flouting
of rules, was what got him into trouble.
For more than a decade, thinkers on cyber ethics have debated how much
leeway to give talented hackers whose pride is proving they can get
into any system.
Corporate policies make it clear they will not tolerate even
``harmless'' intrusions to their systems, but not all hackers agree.
``The idea that `if it's there, I can look at it' does permeate a lot
of the hacker world,'' says Tom Schubert, a computer science professor
at Portland State University.
It's hard for outsiders, even managers of computer programmers, to
understand people who are driven to expose, if not to exploit, bugs in
computer programs, said Tom Christiansen, a Colorado computer
programmer, and a collegaue of Schwartz.
``They're not going to understand what drives someone to play with a
system,'' Christiansen said, ``not illegally, but to make it do
tricks, to feel a sense of accomplishment, because you've created this
very interesting thing.''
Christiansen, as well as one of Schwartz's legal advisers, was
concerned that Schwartz could not get a fair trial unless the jury was
full of computer-philes.
``To me, `peer' means someone who understands what I'm doing,''
Christiansen said. ``You are not granted a legitimate legal trial by
your peers but by simpletons who do not understand the technical
aspects of what's going on and consequently aren't able to judge
you.''
Even among fellow computer lovers, Schwartz likes to stand apart,
especially by letting people know he was a hacker from way back.
People familiar with Schwartz's postings in news groups on the
Internet [sic] said he always signed off with words to the effect that
he's been hacking around since before anyone else on the net was born.
Yet Schwartz is not a household word among programmers. Nationally he
is well-known to people interested in Perl, a programming language,
because he wrote and co-wrote two books about the language.
He has generated some sympathy among some peers.
``The general feeling in the community, not knowing all the legitimate
facts, of course,'' Christiansen said, ``looks like he's probably
guilty of bad judgement.''
Darrell Fuhrman, a systems administrator at Teleport, an Internet
subscriber service in Portland, said he's a security-conscious
administrator, and he'd be mad if Schwartz tampered with his system.
``But I think it's in a large way good to have people pokling and
prodding and seeing if there's a hole here,'' Fuhrman said. ``It's not
the good guysd you have to worry about and I consider Schwartz to be
one of the good guys.''
There was never a question in the courtroom of Schwartz removing data
from Intel's system. But his offense was still serious, said Intel
lawyer John H. Woodard, who observed much of the trial.
``If somebody break's into your home, do you feel OK just because you
can't prove you took something?'' Woodard asked. ``Do you want people
looking at your medical records and back account s even if they say
they didn't change them?''
Woodard said Intel spent money and time making sure Schwartz had not
installed unauthorized programs in their systems.
``We were the victim. We were not the prosecutors in this case,'' said
Woodard, who is concerned that some people mistakenly see the case as
Intel vs. Schwartz.
``I think it was good for all the high-tech companies moving into this
area that the county is willing to pursue these types of crimes.''
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sidebar on Schwartz Verdict
* COUNT 1: Guilty of knowingly and without authorization altering a
computer network.
* WHAT DID HE DO? Randal L. Schwartz flouted Intel policy when he
installed so-called ``gateway'' programs on two computers so he could
access Intel computers from a remote computer.
* HIS DEFENSE: Schwartz said he had previously installed such programs
when Intel had made policy exceptions. He also said that he didn't
compromise Intel security.
* COUNTS 2 AND 3: Guilty of knowingly using a computer system to steal
a password file from the Supercomputer Systems Division; stealing
individual users' passwords.
* WHAT DID HE DO? Schwartz did not have access to the division's main
password file. He cracked passwords from a minor computer in the division
where he did have access. He used one of those passwords to log on to the
main cluster of division computers, where he copied the password file to
his own computer and ran a password-cracking program. He cracked, among
others, the password of an Intel vice president.
* HIS DEFENSE: Schwartz said it was a clumsy attempt to alert Intel to
security problems and that he didn't use the passwords to peek at
information.
* PENALTIES: A sentencing hearing is set for Sept. 11. Because of his
clean criminal record, jail time of 3-6 months is likely. The prosecutor
will ask for $60,000 restitution, the amount Intel says it spent fixing
problems Schwartz caused.
---
I highly recommend getting copies of the Oregonian from this entire
week if you want to really read up on this case. It's also helpful to
the Oregonian to send in letters to the editor about the problems you
might have about the articles, after you buy the paper. Don't send
them comments based on this transcription, I'm only putting it here
for commentary, and not to violate the Oregonian's right to charge for
the words it prints.
I have never worked for Intel, nor am I affiliated with Randal L.
Schwartz, the Oregonian, O'Reilly and Associates, or anyone else. I am
not posting as a mouthpiece of ADP or any other organization... I just
happen to live in the area.
--
Joshua R. Poulson, Systems Engineering, ADP Dealer Services, Portland, OR
PGP Public Key available upon request
Follow-Ups:
References: